Hi,

On Nov 6, 2012, at 16:17, elsif wrote:

> Yesterday the ZSK rollover occurred. 19855 moved to "retire", "7645" was
> selected as the next key and made "active".
> ODS hasn't used the new "7645" key yet. It's been 14 hours, 14 signings.
>
> So...when exactly is ODS supposed to start mentioning the "active" key in the
> zone?

The Enforcer will do the key rollovers, update the signconf for the zone and then notify the Signer that a new signconf is available.

I don't exactly know your setup but you could start by looking at the signconf for the zone, check that the right key is configured. Then look at the Signer syslog messages for when the Enforcer rolled the key if there was any problem.

As a workaround you can manually tell the Signer to update the signconf;

    ods-signer update <zone>

/Jerry

-- 
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
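The signconf check suggested in the reply can be scripted. The following is an added example, not part of the original message or of OpenDNSSEC: it assumes the signconf XML layout with `<Key>` elements carrying `<Locator>` and empty `<KSK/>`, `<ZSK/>`, `<Publish/>` role elements, and the locators and zone name are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the retired ZSK (bbbb2222) still carries <ZSK/>,
# while the newly activated key (cccc3333) is only published.
SAMPLE_SIGNCONF = """<SignerConfiguration>
  <Zone name="example.com">
    <Keys>
      <TTL>PT3600S</TTL>
      <Key>
        <Flags>257</Flags><Algorithm>8</Algorithm>
        <Locator>aaaa1111</Locator>
        <KSK/><Publish/>
      </Key>
      <Key>
        <Flags>256</Flags><Algorithm>8</Algorithm>
        <Locator>bbbb2222</Locator>
        <ZSK/><Publish/>
      </Key>
      <Key>
        <Flags>256</Flags><Algorithm>8</Algorithm>
        <Locator>cccc3333</Locator>
        <Publish/>
      </Key>
    </Keys>
  </Zone>
</SignerConfiguration>"""

ROLES = ("KSK", "ZSK", "Publish")  # assumed role element names

def key_roles(signconf_xml):
    """Map each key Locator to the set of roles the signconf assigns it."""
    root = ET.fromstring(signconf_xml)
    roles = {}
    for key in root.iter("Key"):
        locator = key.findtext("Locator", "").strip()
        roles[locator] = {r for r in ROLES if key.find(r) is not None}
    return roles

def check_zsk(signconf_xml, expected_locator):
    """Return 'signing', 'not-signing' or 'missing' for the expected key."""
    roles = key_roles(signconf_xml)
    if expected_locator not in roles:
        return "missing"
    return "signing" if "ZSK" in roles[expected_locator] else "not-signing"

if __name__ == "__main__":
    for loc, r in key_roles(SAMPLE_SIGNCONF).items():
        print(loc, sorted(r))
    print("new key:", check_zsk(SAMPLE_SIGNCONF, "cccc3333"))
```

A result of `not-signing` or `missing` for the key the Enforcer reports as active points at the signconf itself rather than at the Signer.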
